Written by Adam

Posted on: January 17, 2021

Are you making these common GDPR mistakes?

GDPR is never going to be simple, but getting it wrong can lead to penalties and fines.

Even the most experienced data protection experts can make mistakes, so it's always good to know what the most common, yet easily fixable, mistakes are.

Here are the five most common GDPR mistakes that we’ve seen (and how you can avoid them).

1. Compliant on paper, but not in practice.

You may have sorted out your documents, including the privacy notice in your emails, and have the perfect breach prevention plan. But are you actually going to follow the rules? All too often, companies are GDPR compliant by documentation but still make errors when it comes to actually storing, processing or deleting the data. Compliance on paper only counts if the policies match what your systems and your staff really do, so while you're getting your GDPR documentation in order, record how you will store the data, who can access it, how you make sure your privacy notices are clear, and what you will do if there is a personal data breach. Then check periodically that practice still matches the paperwork. Remembering these key details will make sure your business is GDPR compliant on paper and in practice.

2. Party for One.

This is a difficult one for companies, but having one person solely in charge of all of your GDPR, data protection and sometimes IT services can for many be too much. You want to make sure that your data protection officer can focus on meeting the data protection requirements for your country without having to worry about other IT services too. The GDPR itself is alert to this: Article 38(6) lets a DPO take on other tasks only where they do not result in a conflict of interests, and a DPO who also runs the IT estate is effectively auditing their own work. If you can, it's best to have a team handling the different data protection needs of your business. Budgeting for a small but skilful team is much more cost-effective than being landed with a huge fine from the ICO, and you can rest assured that your data needs are being taken care of. Managing data is a multi-skilled operation, so having a team is the best way to ensure there are no unturned stones in your GDPR preparedness.

3. Thinking Small

You may have followed the GDPR for your customers' data to a high standard, followed all of the protocols and checked every box. But what about your staff's personal data? Or resumes from potential hires? Are these just stored in a shared folder that anyone could open? When it comes to GDPR you need to make sure you've thought through all the data you may need to manage, not just the customer-facing part. We'd recommend taking the time to write down all the types of personal data your company uses or receives, where each is stored, who can access it and how long you keep it, and ensuring these are included in your GDPR documentation. This inventory is essentially the record of processing activities that Article 30 of the GDPR requires many organisations to keep. Taking ten minutes to do this now could save you a huge fine or penalty later down the road.

4. 72 Hours

Nightmare: you wake up in the morning to find that your company was infiltrated overnight and attackers have stolen the personal data of hundreds of customers and staff. While it would be tempting to bury your head in the safety of the duvet, you have to act fast, and the rules are more specific than "tell everyone". Under Article 33 of the GDPR you must report a personal data breach to your supervisory authority, the Information Commissioner's Office (ICO) in the UK, without undue delay and, where feasible, within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals' rights and freedoms; if you miss the 72 hours you must explain the delay. Under Article 34, where the breach is likely to result in a high risk to the people affected, you must also tell them directly without undue delay. Two practical points follow. The clock starts when you become aware, so you need the monitoring and logging to notice a breach and work out what was taken, otherwise the 72 hours are gone before you have anything to report. And every breach, reported or not, must be documented internally (Article 33(5)) so the ICO can check your reasoning. This is a serious mistake that countless small and large businesses make, so be sure to read the ICO guidance on personal data breaches to ensure you won't be waking up to the same nightmare.

5. Procrastination

You're aware you have to get started on your GDPR documents, but you're not sure how, or why, and frankly you have lots of more important things to do, especially now. This may sound like a good excuse to you, but it definitely will not work with the ICO or your data protection authority. Quite simply, you cannot delay starting your GDPR compliance work. We understand that it can be a daunting task for many, which is why we at GDPRlocal are here to help.

If you are new to GDPR, we suggest you start by getting your free GDPRlocal account and taking a look at the free downloads. These documents will help you understand what you need to do.

If you have questions about getting your GDPR started or anything we’ve highlighted today, drop us an email at [email protected], or call us at 01772 217800 and we can give you a hand.

Good luck all.
